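# Source: github.com/sealerio/sealer@v0.11.1-0.20240507115618-f4f89c5853ae/pkg/infra/container/imagecontext/base/Dockerfile
# Copyright © 2021 Alibaba Group Holding Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Base image for a systemd-in-container node that is reachable over SSH.
#
# NOTE(review): ubuntu:21.04 is an end-of-life release. The apt sources are
# repointed at old-releases.ubuntu.com below, so the packages installed here
# no longer receive security updates. The tag is also mutable; pin the base
# image by digest if reproducible builds matter.
FROM ubuntu:21.04
COPY entrypoint /usr/bin/
RUN chmod +x /usr/bin/entrypoint
# Kernel network sysctls; the file's contents are not part of this Dockerfile.
COPY 10-network-security.conf /etc/sysctl.d/

# Root password applied by chpasswd in the "Config ssh" step.
# NOTE(review): build-arg values are recorded in image metadata and are shown
# by `docker history`, and this default is public in the repository. Together
# with "PermitRootLogin yes" and EXPOSE 22, every container built with the
# default accepts a publicly known root credential. Callers presumably log in
# with this value, so it is left unchanged; confirm before rotating it.
# Prefer key-based login, or pass the secret with a BuildKit secret mount
# instead of ARG, and keep port 22 off untrusted networks.
ARG PASSWORD="Seadent123"

# Install systemd, networking tools and sshd, drop caches/docs/logs to shrink
# the layer, then remove the *.wants symlinks so that the units they reference
# are not pulled in at boot inside the container.
# ReadKMsg=no stops journald from reading kernel messages from /dev/kmsg.
# NOTE(review): "/usr/share/local/*" looks like a typo for
# "/usr/share/locale/*"; left as written, confirm the intent.
RUN echo "Installing Packages ..." \
    # && sed -i "s/archive.ubuntu.com/mirrors.aliyun.com/g" /etc/apt/sources.list \
    && sed -i -e 's/archive.ubuntu.com\|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list \
    && apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      systemd \
      conntrack iptables iproute2 ethtool socat util-linux mount ebtables kmod \
      libseccomp2 pigz \
      bash ca-certificates curl rsync vim openssh-server ufw \
    && apt-get clean -y \
    && rm -rf \
      /var/cache/debconf/* \
      /var/lib/apt/lists/* \
      /var/log/* \
      /tmp/* \
      /var/tmp/* \
      /usr/share/doc/* \
      /usr/share/man/* \
      /usr/share/local/* \
    && find /lib/systemd/system/sysinit.target.wants/ -name "systemd-tmpfiles-setup.service" -delete \
    && rm -f /lib/systemd/system/multi-user.target.wants/* \
    && rm -f /etc/systemd/system/*.wants/* \
    && rm -f /lib/systemd/system/local-fs.target.wants/* \
    && rm -f /lib/systemd/system/sockets.target.wants/*udev* \
    && rm -f /lib/systemd/system/sockets.target.wants/*initctl* \
    && rm -f /lib/systemd/system/basic.target.wants/* \
    && echo "ReadKMsg=no" >> /etc/systemd/journald.conf \
    && ln -s "$(which systemd)" /sbin/init

# sshd configuration:
#   - allow direct root login (appended to sshd_config),
#   - switch sshd's PAM integration off, so PAM account and session modules
#     are not applied to SSH logins,
#   - comment out the pam_loginuid session line in /etc/pam.d/sshd,
#   - set root's password from the PASSWORD build arg.
# chown uses "root:root": ':' is the POSIX owner:group separator, while the
# '.' form used previously is a deprecated GNU extension.
RUN echo "Config ssh ..." \
    && echo "PermitRootLogin yes" >> /etc/ssh/sshd_config \
    && sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config \
    && sed -i '/^session\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd \
    && echo "root:${PASSWORD}" | chpasswd \
    && mkdir -p /root/.ssh && chown root:root /root && chmod 700 /root/.ssh

RUN echo "Enabling ssh ... " \
    && systemctl enable ssh

# First systemd-tmpfiles clean-up run happens one minute after boot.
RUN echo "Adjusting systemd-tmpfiles timer" \
    && sed -i /usr/lib/systemd/system/systemd-tmpfiles-clean.timer -e 's#OnBootSec=.*#OnBootSec=1min#'

# tell systemd that it is in docker (it will check for the container env)
# https://systemd.io/CONTAINER_INTERFACE/
ENV container=docker
# systemd exits on SIGRTMIN+3, not SIGTERM (which re-executes it)
# https://bugzilla.redhat.com/show_bug.cgi?id=1201657
STOPSIGNAL SIGRTMIN+3
# SSH listener; see the PASSWORD note above before publishing this port.
EXPOSE 22

# NOTE: this is *only* for documentation, the entrypoint is overridden later
ENTRYPOINT [ "/usr/bin/entrypoint", "/sbin/init" ]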